
How To: Install and configure Squid on Mac OS X

September 27th, 2009

What is Squid?
Squid is a caching proxy server for the web.
Whether you’re using it at home for just a few machines, or at an office for thousands of machines, it’s reliable, can help save bandwidth, and most importantly is relatively simple to get running.

Requirements

  • Xcode Tools must be installed, as you will be compiling Squid from its source code. Xcode Tools is available on your Mac OS X Install discs, and also from http://developer.apple.com/
  • Knowledge of the command line interface
  • Administrator access

Installation and Configuration

1. Download the Squid source code from here: http://www.squid-cache.org/. Follow the links and download the latest stable release. This guide was written for Squid v3.0 Stable 19 (.tar.gz download), but later versions will most likely follow the same process.

2. Open Terminal and cd to the location you downloaded the file to:

cd ~/Downloads

3. Extract the archive:

tar zxvf squid-3.0.STABLE19.tar.gz

4. Go into the squid source code directory:

cd squid-3.0.STABLE19

5. Run the configure script, with the location of the squid installation. I always use the below, because it separates the squid install into a specific directory instead of sprawling files all over the system (which makes it harder to remove later, if you need to)

./configure --prefix=/usr/local/squid

6. Compile squid with the following command:

make all

7. Install squid with the following command:

sudo make install

8. Now that squid is installed, it needs some configuring:

cd /usr/local/squid/etc/

9. Edit the default configuration file:

sudo vi squid.conf

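10. Add an access rule to allow all hosts on your network to use squid. The all ACL matches every client address, so this rule admits any machine that can reach the proxy port, not only hosts on your network. Locate the line: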

http_access allow localnet

Add the following line above it:

http_access allow all

11. Set the cache_dir (the location to store the cache files). Locate the line:

# cache_dir ufs /usr/local/squid/var/cache 100 16 256

Uncomment the line, and change the path to one of your choosing. E.g.:

cache_dir ufs /Volumes/Misc/var/cache 5000 16 256

12. The default maximum_object_size is 4MB. This means squid will only cache files smaller than 4MB. Not very helpful if you’re downloading large files (specifically, software updates). Locate the line:

# maximum_object_size 4096 KB

Change the line to something more appropriate for your needs. E.g.:

maximum_object_size 214096 KB

13. By default, squid will go into a “shutdown pending” mode if it receives a SIGTERM or SIGHUP. This tends to make the Mac shutdown process pause for some time while it waits for Squid to exit. I’ve worked around this by changing this line:

# shutdown_lifetime 30 seconds

to this:

shutdown_lifetime 2 seconds

14. Set other options as necessary.

15. Ensure the cache directory exists, and that permissions are correct. By default, squid will run as “nobody”, so that user needs permission to access the cache directory and the directories under it.

cd /Volumes/Misc/var/

sudo mkdir cache

sudo chown -R nobody:nobody cache

16. Ensure the log directory exists, and that permissions are correct. Squid will be logging to /usr/local/squid/var/logs.

sudo mkdir /usr/local/squid/var/logs

sudo chown nobody /usr/local/squid/var/logs

17. Start squid for the first time manually. This is required in order for it to create the necessary cache directories:

cd /usr/local/squid/sbin

sudo ./squid -z

18. Squid will create the cache directories and then exit.

19. Start squid in the foreground and test it out. Configure a web browser to use the proxy server localhost:3128, then run squid again:

sudo ./squid

20. If you can access the web via the proxy, then you’re all set. Otherwise, review settings and check the logs (/usr/local/squid/var/logs/ – cache.log and access.log)

21. Stop squid, as we’ll now configure it to run at startup:

sudo ./squid -k shutdown

ps -ef | grep squid

22. Download this file: http://maxpowerindustries.com/files/org.squid.squid.plist

23. Locate the file and copy it to /Library/LaunchDaemons.

24. Fix permissions on the startup item:

cd /Library/LaunchDaemons

sudo chown root:wheel org.squid.squid.plist

sudo chmod 644 org.squid.squid.plist

25. Restart your Mac and confirm that Squid is running once it starts back up. Open Terminal, and run:

ps -ef | grep squid

26. Configure other machines on your network to use Squid.

That’s pretty much it for a basic config on Mac OS X for a home user. It’s functional, but by no means completely secure and optimised.

It’s worth configuring squid log rotations as well, since the logs can grow quickly. Setting up a cron job to run ‘/usr/local/squid/sbin/squid -k rotate’ will overcome this. If you want to archive the logs, you might want to set up your own scripts to do this.
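
Squid checks http_access rules from top to bottom and stops at the first one that matches, so the "http_access allow all" line added in step 10 decides every request before "http_access allow localnet" is ever reached. The shell function below is an added example, not part of the original guide or of Squid; it reports such a catch-all rule, and the function names and sample configuration are constructed for illustration.

```shell
# audit_http_access: read a squid.conf (stdin or file argument) and print
# "open:<line>:<n>" when a bare "http_access allow all" is reached before any
# bare "http_access deny all"; <n> counts the later http_access rules that are
# never evaluated. Prints "ok" otherwise.
audit_http_access() {
    awk '
        { sub(/#.*/, "") }                     # drop comments
        $1 != "http_access" { next }           # only access rules matter here
        decided { shadowed++; next }           # rules after a catch-all never run
        NF == 3 && $3 == "all" {               # the only ACL on the rule is "all"
            decided = 1; verdict = $2; line = NR
        }
        END {
            if (decided && verdict == "allow")
                printf "open:%d:%d\n", line, shadowed
            else
                print "ok"
        }
    ' "$@"
}

# Constructed sample: the rule order that step 10 of the guide produces.
guide_conf() {
    cat <<'EOF'
acl localnet src 192.168.0.0/16
acl Safe_ports port 80 443
http_access deny !Safe_ports
http_access allow all
http_access allow localnet
http_access deny all
EOF
}

echo "as written in step 10: $(guide_conf | audit_http_access)"
echo "without 'allow all':   $(guide_conf | grep -v 'allow all' | audit_http_access)"
```

To check the installed file, run audit_http_access /usr/local/squid/etc/squid.conf; with the "allow all" line removed and "allow localnet" kept, it reports ok.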

How To: Install the rsync daemon on Mac OS X

September 21st, 2009

Updated for Mac OS X 10.5 Leopard (using information from here: http://www.designsolution.co.uk/resources/rsync/)
Before we start anything here, I’m going to give you a warning.

rsync can make a real mess of Mac OS files.

There, I said it. It wasn’t designed to handle resource forks or packages or the Mac’s icon storing arrangements. If you really need that, there’s another product called RsyncX which can do the job – but I’m not dealing with that app this time.

What is rsync?
The man page describes it as a “faster, flexible replacement for rcp”. Essentially, it’s an app used for copying files either locally, or to other hosts. It can synchronize directories, or individual files, and can maintain file permissions and owners along the way. If you’re a UNIX geek, it’s for you.
I’m not going to go into the details of exactly what it can do, and how it works – rather, I’m going to go through the process of running the rsync daemon on your machine. This will allow you to access your rsync “shares” from any other machine on your network at any time.

Requirements

  • Knowledge of the command line interface
  • Administrator access

Installation

Let’s begin.

1. The first thing you want to do is make sure you are an administrator on your Mac. There’s not much point continuing if you’re not. You may need to use sudo to create some of the files below.

2. Open up Terminal and cd to /Library/LaunchDaemons

Here we’ll create a service definition which will allow the daemon to start (through launchd).

3. Download this file and copy it into the directory: http://maxpowerindustries.com/files/rsync.plist

(e.g. sudo cp ~/Downloads/rsync.plist .)

4. Check the directory and make sure the owner of the file is root, the group is wheel, and the permissions are rw-r--r--. Note: If the permissions are not correct, the daemon will not load. You can check if launchd is loading the module correctly by running: sudo launchctl load /Library/LaunchDaemons/rsync.plist

5. cd to /etc

6. Create a new file called rsyncd.conf

Here we create definitions for the various “shares” the rsync daemon will host.

[root]
   path = /
   hosts allow = 192.168.1.1
   uid = root
   gid = wheel
   read only = false
   comment = Root volume

Again, I won’t explain exactly what all the options are, but essentially, this creates a share called root which points to the root path of the volume ( / ), is readable/writeable, only allows connections from the host at 192.168.1.1, and uses root permissions. I wouldn’t grant permissions like this to a host unless you trust that host a whole lot.

If you’re not sure you want to be as extreme as the example above, try:

[websites]
   path = /web_sites
   comment = Web Site Directory for OS X

Save the file and exit your editor.

7. Check the directory and make sure the owner of the file is root, the group is wheel, and the permissions are rw-r-----.

8. Now we have everything we need to run. I didn’t need to restart or do anything else – it just worked. If for some reason you can’t rsync right away, you may need to restart your machine or you can run:

sudo launchctl load -w /Library/LaunchDaemons/rsync.plist

9. The final step is to test the service. If you port scan (or nmap) your machine, you’ll probably see that the default rsync port is closed (port 873). Launchd will open the port when required. You may want to test the connection by running a basic rsync:

rsync -axv rsync://192.168.1.2/root/etc/hosts /tmp/
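
The [root] module in step 6 combines uid = root and read only = false with no "auth users" line, so the single "hosts allow" address is the only control on writes to the whole volume. The shell function below is an added example, not part of the original guide or of rsync; it flags those settings per module, and the [backup] module, its path and the /etc/rsyncd.secrets file name are hypothetical values that show "auth users" paired with a "secrets file".

```shell
# audit_rsyncd: read an rsyncd.conf (stdin or file argument) and print, per module,
# which apply: writable, uid-root, no-auth, any-host. Globals act as defaults.
audit_rsyncd() {
    awk '
        function report(   f, ro) {
            if (mod == "") return
            ro = tolower(p["read only"])            # rsync default: read only
            if (ro == "false" || ro == "no" || ro == "0") f = f " writable"
            if (p["uid"] == "root" || p["uid"] == "0")    f = f " uid-root"
            if (!("auth users" in p))  f = f " no-auth"   # anonymous access
            if (!("hosts allow" in p)) f = f " any-host"  # no address filter
            print mod ":" (f == "" ? " ok" : f)
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }           # comments, blank lines
        /^[ \t]*\[/ {                                # [module] header
            report()
            a = index($0, "["); mod = substr($0, a + 1, index($0, "]") - a - 1)
            for (k in p) delete p[k]
            for (k in g) p[k] = g[k]                 # start from global defaults
            next
        }
        {                                            # key = value parameter
            i = index($0, "="); if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (mod == "") g[key] = val
            else p[key] = val
        }
        END { report() }
    ' "$@"
}
# Constructed sample: both modules from step 6 plus a hypothetical [backup].
sample_rsyncd_conf() {
    cat <<'EOF'
[root]
   path = /
   hosts allow = 192.168.1.1
   uid = root
   read only = false
[websites]
   path = /web_sites
[backup]
   path = /Volumes/Misc/backup
   hosts allow = 192.168.1.1
   auth users = backup
   secrets file = /etc/rsyncd.secrets
EOF
}
sample_rsyncd_conf | audit_rsyncd
```

Run audit_rsyncd /etc/rsyncd.conf against the file created in step 6; a module that prints "ok" has both an address filter and named users and is not writable as root.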